Chromium, Firefox updates fix severe security bugs


Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems

Google and Mozilla are each urging users to patch serious vulnerabilities in their respective web browsers, Chrome and Firefox, that could be exploited to allow threat actors to take over users’ systems. The security fixes will be rolled out to Windows, Mac, and Linux over the next few days. Importantly, none of the flaws has been spotted being abused in the wild.

Chrome

The new stable release of Chrome, 87.0.4280.141, brings 16 security fixes; and while the tech giant won’t disclose details for all of them until the majority of its userbase has received the updates, it did highlight patches for 13 vulnerabilities that were reported by external researchers.

Twelve flaws were classified as high-risk, while one was rated medium in severity. Most of the high-severity flaws are use-after-free bugs, i.e. memory corruption flaws, residing in various Chromium components. They could be exploited if a user visited or was redirected to a specially crafted web page, leading to remote code execution in the context of the browser, noted the Center for Internet Security.

Google paid more than US$110,000 to the security researchers for discovering and reporting the vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory urging users and system administrators to update the browser: “Google has released Chrome edition 87.0.4280.141 meant for Windows, Mac, and Linux. This particular version addresses vulnerabilities that an attacker could exploit to take control of an affected system.”

Firefox

Meanwhile, Mozilla released a security update to address a critical-rated security loophole that is tracked as CVE-2020-16044 and affects browser versions prior to Firefox 84.0.2, Firefox for Android 84.1.3, and Firefox ESR 78.6.1.

“A malicious peer could have modified a COOKIE-ECHO chunk in an SCTP packet in a manner that potentially resulted in a use-after-free. We presume that with enough effort it could have been used to run arbitrary code,” said Mozilla, describing the attack vector.

The Stream Control Transmission Protocol (SCTP) is used for transporting multiple channels of data at the same time between two endpoints that are connected to the same network. The flaw in Firefox resides in how the process handles cookie data.

CISA took note of this vulnerability as well and released an advisory urging both users and administrators to update their software to protect their systems from possible attacks.

You are strongly encouraged to update your browsers to their respective latest versions as soon as practicable. You can download the most recent version of Chrome here and Firefox here. If you have automatic updates enabled, your browsers should update by themselves.
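For administrators who need to confirm the update landed across a fleet, the following added example (not from the original article) checks reported browser versions against the fixed releases named above. The product labels and the sample inventory are constructed assumptions; each channel has its own threshold, because a patched Firefox ESR 78.6.1 is numerically lower than Firefox 84.0.2.

```python
# Added example. Fixed versions come from the article; the product labels
# (hypothetical) and the inventory rows are constructed for illustration.
FIXED = {
    "chrome": (87, 0, 4280, 141),
    "firefox": (84, 0, 2),
    "firefox-android": (84, 1, 3),
    "firefox-esr": (78, 6, 1),
}

def parse_version(text):
    """Turn '84.0.2' or '78.6.0esr' into a tuple of ints; raise ValueError on junk."""
    cleaned = text.strip().lower()
    if cleaned.endswith("esr"):
        cleaned = cleaned[:-3]
    parts = cleaned.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(product, version):
    """True if the installed version is older than the fixed release for its channel."""
    fixed = FIXED[product]
    installed = parse_version(version)
    # Pad with zeros so that '84.0' compares as 84.0.0.
    width = max(len(fixed), len(installed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def audit(inventory):
    """Return (host, product, version, status); status is 'update', 'ok' or 'unknown'."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "update" if needs_update(product, version) else "ok"
        except (KeyError, ValueError):
            status = "unknown"  # unrecognised product or version: review by hand
        rows.append((host, product, version, status))
    return rows

SAMPLE_INVENTORY = [  # constructed sample data
    ("ws-01", "chrome", "87.0.4280.88"),
    ("ws-02", "chrome", "87.0.4280.141"),
    ("ws-03", "firefox", "84.0.1"),
    ("ws-04", "firefox-esr", "78.6.1esr"),
    ("ws-05", "firefox-esr", "78.6.0esr"),
    ("ph-01", "firefox-android", "84.1.2"),
    ("ws-06", "firefox", "nightly"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```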